1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package s3
4
5import (
6	"context"
7	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
8	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
9	s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations"
10	"github.com/aws/aws-sdk-go-v2/service/s3/types"
11	"github.com/aws/smithy-go/middleware"
12	smithyhttp "github.com/aws/smithy-go/transport/http"
13)
14
15// Sets the permissions on an existing bucket using access control lists (ACL). For
16// more information, see Using ACLs
17// (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). To set
18// the ACL of a bucket, you must have WRITE_ACP permission. You can use one of the
19// following two ways to set a bucket's permissions:
20//
21// * Specify the ACL in the
22// request body
23//
24// * Specify permissions using request headers
25//
26// You cannot specify
27// access permission using both the body and the request headers. Depending on your
28// application needs, you may choose to set the ACL on a bucket using either the
29// request body or the headers. For example, if you have an existing application
30// that updates a bucket ACL using the request body, then you can continue to use
31// that approach. Access Permissions You can set access permissions using one of
32// the following methods:
33//
34// * Specify a canned ACL with the x-amz-acl request
35// header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each
36// canned ACL has a predefined set of grantees and permissions. Specify the canned
37// ACL name as the value of x-amz-acl. If you use this header, you cannot use other
38// access control-specific headers in your request. For more information, see
39// Canned ACL
40// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL).
41//
42// *
43// Specify access permissions explicitly with the x-amz-grant-read,
44// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control
45// headers. When using these headers, you specify explicit access permissions and
46// grantees (AWS accounts or Amazon S3 groups) who will receive the permission. If
47// you use these ACL-specific headers, you cannot use the x-amz-acl header to set a
48// canned ACL. These parameters map to the set of permissions that Amazon S3
49// supports in an ACL. For more information, see Access Control List (ACL) Overview
50// (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You specify
51// each grantee as a type=value pair, where the type is one of the following:
52//
53// * id
54// – if the value specified is the canonical user ID of an AWS account
55//
56// * uri – if
57// you are granting permissions to a predefined group
58//
59// * emailAddress – if the
60// value specified is the email address of an AWS account Using email addresses to
61// specify a grantee is only supported in the following AWS Regions:
62//
63// * US East (N.
64// Virginia)
65//
66// * US West (N. California)
67//
68// * US West (Oregon)
69//
70// * Asia Pacific
71// (Singapore)
72//
73// * Asia Pacific (Sydney)
74//
75// * Asia Pacific (Tokyo)
76//
77// * Europe
78// (Ireland)
79//
80// * South America (São Paulo)
81//
82// For a list of all the Amazon S3
83// supported Regions and endpoints, see Regions and Endpoints
84// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS
85// General Reference.
86//
87// For example, the following x-amz-grant-write header grants
88// create, overwrite, and delete objects permission to LogDelivery group predefined
89// by Amazon S3 and two AWS accounts identified by their email addresses.
90// x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
91// id="111122223333", id="555566667777"
92//
93// You can use either a canned ACL or specify
94// access permissions explicitly. You cannot do both. Grantee Values You can
95// specify the person (grantee) to whom you're assigning access rights (using
96// request elements) in the following ways:
97//
98// * By the person's ID:
99// <>ID<><>GranteesEmail<>  DisplayName is optional and ignored in the request
100//
101// *
102// By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<>
103//
104// * By
105// Email address: <>Grantees@email.com<>lt;/Grantee> The grantee is resolved to the
106// CanonicalUser and, in a response to a GET Object acl request, appears as the
107// CanonicalUser. Using email addresses to specify a grantee is only supported in
108// the following AWS Regions:
109//
110// * US East (N. Virginia)
111//
112// * US West (N.
113// California)
114//
115// * US West (Oregon)
116//
117// * Asia Pacific (Singapore)
118//
119// * Asia Pacific
120// (Sydney)
121//
122// * Asia Pacific (Tokyo)
123//
124// * Europe (Ireland)
125//
126// * South America (São
127// Paulo)
128//
129// For a list of all the Amazon S3 supported Regions and endpoints, see
130// Regions and Endpoints
131// (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) in the AWS
132// General Reference.
133//
134// Related Resources
135//
136// * CreateBucket
137// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
138//
139// *
140// DeleteBucket
141// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
142//
143// *
144// GetObjectAcl
145// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html)
146func (c *Client) PutBucketAcl(ctx context.Context, params *PutBucketAclInput, optFns ...func(*Options)) (*PutBucketAclOutput, error) {
147	if params == nil {
148		params = &PutBucketAclInput{}
149	}
150
151	result, metadata, err := c.invokeOperation(ctx, "PutBucketAcl", params, optFns, addOperationPutBucketAclMiddlewares)
152	if err != nil {
153		return nil, err
154	}
155
156	out := result.(*PutBucketAclOutput)
157	out.ResultMetadata = metadata
158	return out, nil
159}
160
161type PutBucketAclInput struct {
162
163	// The bucket to which to apply the ACL.
164	//
165	// This member is required.
166	Bucket *string
167
168	// The canned ACL to apply to the bucket.
169	ACL types.BucketCannedACL
170
171	// Contains the elements that set the ACL permissions for an object per grantee.
172	AccessControlPolicy *types.AccessControlPolicy
173
174	// The base64-encoded 128-bit MD5 digest of the data. This header must be used as a
175	// message integrity check to verify that the request body was not corrupted in
176	// transit. For more information, go to RFC 1864.
177	// (http://www.ietf.org/rfc/rfc1864.txt) For requests made using the AWS Command
178	// Line Interface (CLI) or AWS SDKs, this field is calculated automatically.
179	ContentMD5 *string
180
181	// The account ID of the expected bucket owner. If the bucket is owned by a
182	// different account, the request will fail with an HTTP 403 (Access Denied) error.
183	ExpectedBucketOwner *string
184
185	// Allows grantee the read, write, read ACP, and write ACP permissions on the
186	// bucket.
187	GrantFullControl *string
188
189	// Allows grantee to list the objects in the bucket.
190	GrantRead *string
191
192	// Allows grantee to read the bucket ACL.
193	GrantReadACP *string
194
195	// Allows grantee to create, overwrite, and delete any object in the bucket.
196	GrantWrite *string
197
198	// Allows grantee to write the ACL for the applicable bucket.
199	GrantWriteACP *string
200}
201
202type PutBucketAclOutput struct {
203	// Metadata pertaining to the operation's result.
204	ResultMetadata middleware.Metadata
205}
206
207func addOperationPutBucketAclMiddlewares(stack *middleware.Stack, options Options) (err error) {
208	err = stack.Serialize.Add(&awsRestxml_serializeOpPutBucketAcl{}, middleware.After)
209	if err != nil {
210		return err
211	}
212	err = stack.Deserialize.Add(&awsRestxml_deserializeOpPutBucketAcl{}, middleware.After)
213	if err != nil {
214		return err
215	}
216	if err = addSetLoggerMiddleware(stack, options); err != nil {
217		return err
218	}
219	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
220		return err
221	}
222	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
223		return err
224	}
225	if err = addResolveEndpointMiddleware(stack, options); err != nil {
226		return err
227	}
228	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
229		return err
230	}
231	if err = addRetryMiddlewares(stack, options); err != nil {
232		return err
233	}
234	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
235		return err
236	}
237	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
238		return err
239	}
240	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
241		return err
242	}
243	if err = addClientUserAgent(stack); err != nil {
244		return err
245	}
246	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
247		return err
248	}
249	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
250		return err
251	}
252	if err = addOpPutBucketAclValidationMiddleware(stack); err != nil {
253		return err
254	}
255	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutBucketAcl(options.Region), middleware.Before); err != nil {
256		return err
257	}
258	if err = addMetadataRetrieverMiddleware(stack); err != nil {
259		return err
260	}
261	if err = addPutBucketAclUpdateEndpoint(stack, options); err != nil {
262		return err
263	}
264	if err = addResponseErrorMiddleware(stack); err != nil {
265		return err
266	}
267	if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil {
268		return err
269	}
270	if err = disableAcceptEncodingGzip(stack); err != nil {
271		return err
272	}
273	if err = addRequestResponseLogging(stack, options); err != nil {
274		return err
275	}
276	if err = smithyhttp.AddContentChecksumMiddleware(stack); err != nil {
277		return err
278	}
279	return nil
280}
281
282func newServiceMetadataMiddleware_opPutBucketAcl(region string) *awsmiddleware.RegisterServiceMetadata {
283	return &awsmiddleware.RegisterServiceMetadata{
284		Region:        region,
285		ServiceID:     ServiceID,
286		SigningName:   "s3",
287		OperationName: "PutBucketAcl",
288	}
289}
290
291// getPutBucketAclBucketMember returns a pointer to string denoting a provided
292// bucket member valueand a boolean indicating if the input has a modeled bucket
293// name,
294func getPutBucketAclBucketMember(input interface{}) (*string, bool) {
295	in := input.(*PutBucketAclInput)
296	if in.Bucket == nil {
297		return nil, false
298	}
299	return in.Bucket, true
300}
301func addPutBucketAclUpdateEndpoint(stack *middleware.Stack, options Options) error {
302	return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{
303		Accessor: s3cust.UpdateEndpointParameterAccessor{
304			GetBucketFromInput: getPutBucketAclBucketMember,
305		},
306		UsePathStyle:            options.UsePathStyle,
307		UseAccelerate:           options.UseAccelerate,
308		SupportsAccelerate:      true,
309		TargetS3ObjectLambda:    false,
310		EndpointResolver:        options.EndpointResolver,
311		EndpointResolverOptions: options.EndpointOptions,
312		UseDualstack:            options.UseDualstack,
313		UseARNRegion:            options.UseARNRegion,
314	})
315}
316